Solved

Postfix & PGP

Posted on 2006-07-11
5
1,575 Views
Last Modified: 2008-03-10
I'm looking to harden my email server and one of the things I want to do is store inbound email on the server in PGP encrypted form.  Email arrives via SMTP unencrypted and I want to have it encrypted before it is stored in the Mailbox.  The point is to safeguard against email being picked up in the event that someone should breech the security of the server and gain access to files and or gain access to pop3 or imap.  The pgp encrypted email would be downloaded by the client and unencrypted by software on the client.  Can anyone point me in the right direction for finding such a filter for Postfix?

Thanks!
0
Comment
Question by:phasevar
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:noci
ID: 17088543
If your server is breached you're toast anyway, the intruder will be able find your pgp script and known some keys/passwords etc.

If you need POP et al. At least use RPOP version of the protocol, or use SSL based versions of POP and IMAP.
this to prevent snooping and eavesdropping.

I have no knowledge of any imap/pop-servers that support your original request.  It also won't help the performance
of your mail solution. As POP & IMAP need access to the mail to make an index. ==> have to decrypt all
before supplying an answer to the first question from any client, "can I have all headers please":


0
 
LVL 40

Expert Comment

by:noci
ID: 17088553
BTW,

cyrus-imap server might be the way to go, it uses a database to store stuff..., at least raises the bar a little.
and it's a quite fast server.
0
 

Author Comment

by:phasevar
ID: 17091785
noci, PGP is public-key cryptography.  The server should only have a public key for each mailbox and the private keys needed to decrypt the messages are stored on each client.  So in event of a server breach, encrypted mail should not be able to be read without the private key.

As for indexing, I don't think pgp encrypts the headers.  PGP is used in mail already, but usually it's encrypted by the sender, not the receiving mail server.  If it travels through the mail system now, it has to have plaintext headers.

It's not the imap/pop server that would need pgp support.  It would be a filter in the Postfix incoming SMTP stage during mail queue delivery to local addresses.

Thanks for the tip on cyrus.  I've wondered about database storage for mailboxes.
0
 
LVL 40

Accepted Solution

by:
noci earned 500 total points
ID: 17093591
I assumed you wanted to encrypt the message as a whole (including the headers).
As far as mail is concerned SMTP wise there are two things...
= The Envelope (containing Sender & Receipent(s)) that only lives when a message travels from MTA => MTA and the enveloppe
    is lost on delivery at a MUA  (MTA= Mail Transfer Agent, aka postman; MUA = Useragent aka Mail Store/Mailbox + retrieval tools).
= The Content (Whole message Headers + content as one blob) The separation between header and message is on the first empty line.

Your option needs a special kind of MUA I haven't yet seen. You'll need a tool that first splits the message into its parts and the assembles
all the parts again with encryption. It can be done, but what's the point...,

The message travels across other mta's where it's not protected (you can find out how many by reading the "Received lines" in the header).
During transmission over cables it is sent in clear text, anybody with access to the right part of the cable can tap into it.
In Europe your message will end up in at least one government database as part of "Anti-Terrorist" legislation. All ISP's have to comply Jan 1st, 2007
at the latest.

Therefore if you want to  prevent access everybody needs  to encrypt their message at the source... The sender.
0
 

Author Comment

by:phasevar
ID: 17101882
Ideally all senders would encrypt their messages but that's just wishful thinking.  For instance, I don't see Amazon.com sending out receipts in pgp anytime soon.

I know the whole chain isn't secure and that email passes through many points before it reaches my server but I was just hoping to add that little bit of extra security in the event that someone were to breach the server security and gain access to the mail files.  Obviously that would do nothing to circumvent the man-in-the-middle who is actively watching for the mail.

Thanks for your help.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question